<?php
require_once(__PHY_LIB.'/func/_Common.func.php');
// Session is instantiated only for its side effect and the object is discarded.
// NOTE(review): presumably the constructor starts the session that the
// $_SESSION reads below rely on; confirm in Session.class.php, and confirm
// there that the session cookie is HttpOnly/Secure and that the session id is
// regenerated at login.
require_once(__PHY_LIB.'/class/Session.class.php'); new Session();
require_once(__PHY_LIB.'/class/aUser.class.php');
require_once(__PHY_LIB.'/class/Tpl.class.php');

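/// login ///
// Authentication gate: execution stops here unless the session carries an
// admin user id.
// empty() replaces the bare read so that a missing key (fresh or expired
// session) raises no undefined-index notice. With display_errors on, that
// notice would be output before header() and the redirect would fail with
// "headers already sent".
if (empty($_SESSION['ADM_USER_ID'])) {
	$sMsg = '你还没登录'; // "You are not logged in yet"
	header('Location: '.__DIR_ADM.'/base/login.php?msg='.urlencode($sMsg));
	exit(); // header() alone does not stop the script; without exit the protected page would still run
}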

/// init ///
// File-scope setup: $oTpl and $_br are created here as plain variables and are
// not used again in this file except for $oTpl->assign*() below.
$oTpl = new Tpl();
$oTpl->assignConst(); // presumably exposes project constants to templates; confirm in Tpl.class.php
$_br = "<br />\n"; // HTML line break followed by a newline

/// _ME ///
// The current administrator, built from the id that the login gate above has
// already required to be non-empty.
// `global` has an effect only when this file is included from inside a
// function; at file scope it is a no-op.
global $_ME;
$_ME = new aUser($_SESSION['ADM_USER_ID']);
// NOTE(review): whatever getData() returns is handed to the template layer;
// confirm it excludes the password hash and other secrets.
$oTpl->assign('_ME', $_ME->getData());

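/// access ///
// Authorization gate, keyed on the path of the running script.
// SCRIPT_NAME is used as the resource key; unlike PHP_SELF it does not include
// any client-supplied PATH_INFO suffix.
// Step 1: every request needs READ on this script.
if (!$_ME->checkAccess($_SERVER['SCRIPT_NAME'], 'READ')) {
	$sMsg = '你没有对此功能的读权限'; // "You do not have read permission for this function"
	header('Location: '.__DIR_ADM.'/index.php?msg='.urlencode($sMsg));
	exit();
}

// Step 2: requests whose `action` is one of the listed names also need WRITE.
// in_array() is called in strict mode so only an exact string match counts;
// a non-string value (e.g. action[]=add) matches nothing, as before.
// NOTE(review): WRITE is enforced only for these four exact, case-sensitive
// names. Any other action value reaches the page with READ access alone, so a
// page that changes state under a different action name (or compares action
// case-insensitively) must call checkAccess(..., 'WRITE') itself; verify
// against the pages that include this file.
// NOTE(review): $_REQUEST also accepts the action from the query string, and
// no CSRF token check is visible in this file; confirm the write handlers
// verify one.
if (isset($_REQUEST['action'])
	&& in_array($_REQUEST['action'], array('add', 'update', 'delete', 'remove'), true)
	&& !$_ME->checkAccess($_SERVER['SCRIPT_NAME'], 'WRITE')) {
	$sMsg = '你没有对此功能的写权限'; // "You do not have write permission for this function"
	// Redirect to the same script without the action, i.e. to its READ view.
	header('Location: '.$_SERVER['SCRIPT_NAME'].'?msg='.urlencode($sMsg));
	exit();
}
// Falling through means READ is granted and, for the listed actions, WRITE too.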

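/// _The ///
// Descriptor of the current admin page, shared with the including script and
// with templates.
// `global` has an effect only when this file is included from inside a
// function; at file scope it is a no-op.
global $_The;
$_The = array(
	'Depth' => 1,        // NOTE(review): meaning not visible here; presumably directory depth, confirm with consumers
	'Dir' => 'admin/',
	'AdmFunc' => $_SERVER['SCRIPT_NAME'],                    // same key that checkAccess() is called with
	'FileBase' => basename($_SERVER['SCRIPT_NAME'], '.php'), // script file name without the .php suffix
);
// Assigned by reference; presumably so that later changes to $_The by the
// including page are visible to the template. Confirm in Tpl.class.php.
$oTpl->assign_by_ref('_The', $_The);

header("Content-type: text/html; charset=utf-8");
// The closing PHP tag is intentionally omitted. This file is an include, and
// any whitespace after a closing tag would be sent as output, which breaks
// later header() and session calls in the including page.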
